Abstract
Context-sensitivity is the primary approach for adding more precision to a points-to analysis, while hopefully also maintaining scalability. An oft-reported problem with context-sensitive analyses, however, is that they are bi-modal: either the analysis is precise enough that it manipulates only manageable sets of data, and thus scales impressively well, or the analysis gets quickly derailed at the first sign of imprecision and becomes orders-of-magnitude more expensive than would be expected given the program's size. There is currently no approach that makes precise context-sensitive analyses (of any flavor: call-site-, object-, or type-sensitive) scale across the board at a level comparable to that of a context-insensitive analysis. To address this issue, we propose introspective analysis: a technique for uniformly scaling context-sensitive analysis by eliminating its performance-detrimental behavior, at a small precision expense. Introspective analysis consists of a common adaptivity pattern: first perform a context-insensitive analysis, then use the results to selectively refine (i.e., analyze context-sensitively) program elements that will not cause explosion in the running time or space. The technical challenge is to appropriately identify such program elements. We show that a simple but principled approach can be remarkably effective, achieving scalability (often with dramatic speedup) for benchmarks previously completely out-of-reach for deep context-sensitive analyses.
- L. O. Andersen. Program Analysis and Specialization for the C Programming Language. PhD thesis, DIKU, University of Copenhagen, May 1994.Google Scholar
- M. Bravenboer and Y. Smaragdakis. Strictly declarative specification of sophisticated points-to analyses. In Conf. on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA), New York, NY, USA, 2009. ACM. Google Scholar
Digital Library
- S. Chong. Personal communication, 2013.Google Scholar
- C. Cifuentes. Personal communication, 2013.Google Scholar
- M. Eichberg, S. Kloppenburg, K. Klose, and M. Mezini. Defining and continuous checking of structural program dependencies. In Int. Conf. on Software engineering (ICSE), pages 391--400, New York, NY, USA, 2008. ACM. Google Scholar
Digital Library
- S. J. Fink. T. J. Watson libraries for analysis (WALA). http://wala.sourceforge.net.Google Scholar
- S. Guarnieri and B. Livshits. GateKeeper: mostly static enforcement of security and reliability policies for Javascript code. In Proceedings of the 18th USENIX Security Symposium, SSYM'09, pages 151--168, Berkeley, CA, USA, 2009. USENIX Association. Google Scholar
Digital Library
- S. Z. Guyer and C. Lin. Client-driven pointer analysis. In Proceedings of the 10th International Conference on Static Analysis, SAS'03, pages 214--236, Berlin, Heidelberg, 2003. Springer-Verlag. Google Scholar
Digital Library
- E. Hajiyev, M. Verbaere, and O. de Moor. Codequest: Scalable source code queries with Datalog. In European Conf. on Object-Oriented Programming (ECOOP), pages 2--27. Spinger, 2006. Google Scholar
Digital Library
- N. Heintze and O. Tardieu. Demand-driven pointer analysis. In Conf. on Programming Language Design and Implementation (PLDI), pages 24--34, New York, NY, USA, 2001. ACM. Google Scholar
Digital Library
- G. Kastrinis and Y. Smaragdakis. Efficient and effective handling of exceptions in Java points-to analysis. In Compiler Construction, Mar. 2013. Google Scholar
Digital Library
- G. Kastrinis and Y. Smaragdakis. Hybrid context-sensitivity for points-to analysis. In Conf. on Programming Language Design and Implementation (PLDI). ACM, June 2013. Google Scholar
Digital Library
- M. S. Lam, J. Whaley, V. B. Livshits, M. C. Martin, D. Avots, M. Carbin, and C. Unkel. Context-sensitive program analysis as database queries. In Symposium on Principles of Database Systems (PODS), pages 1--12, New York, NY, USA, 2005. ACM. Google Scholar
Digital Library
- O. Lhoták and L. Hendren. Evaluating the benefits of context-sensitive points-to analysis using a BDD-based implementation. ACM Trans. Softw. Eng. Methodol., 18(1):1--53, 2008. Google Scholar
Digital Library
- O. Lhoták and L. J. Hendren. Context-sensitive points-to analysis: Is it worth it? In A. Mycroft and A. Zeller, editors, CC, volume 3923 of Lecture Notes in Computer Science, pages 47--64. Springer, 2006. Google Scholar
Digital Library
- P. Liang and M. Naik. Scaling abstraction refinement via pruning. In Conf. on Programming Language Design and Implementation (PLDI), pages 590--601, New York, NY, USA, 2011. ACM. Google Scholar
Digital Library
- M. Madsen, B. Livshits, and M. Fanning. Practical static analysis of Javascript applications in the presence of frameworks and libraries. Technical Report MSR-TR-2012-66, Microsoft Research, July 2012.Google Scholar
- M. Might, Y. Smaragdakis, and D. Van Horn. Resolving and exploiting the k-CFA paradox: Illuminating functional vs. object-oriented program analysis. In Conf. on Programming Language Design and Implementation (PLDI), pages 305--315. ACM, June 2010. Google Scholar
Digital Library
- A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to and side-effect analyses for Java. In International Symposium on Software Testing and Analysis (ISSTA), pages 1--11, New York, NY, USA, 2002. ACM. Google Scholar
Digital Library
- A. Milanova, A. Rountev, and B. G. Ryder. Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol., 14(1):1--41, 2005. Google Scholar
Digital Library
- T. Reps. Demand interprocedural program analysis using logic databases. In R. Ramakrishnan, editor, Applications of Logic Databases, pages 163--196. Kluwer Academic Publishers, 1994.Google Scholar
- M. Sharir and A. Pnueli. Two approaches to interprocedural data flow analysis. In S. S. Muchnick and N. D. Jones, editors, Program Flow Analysis, pages 189--233, Englewood Cliffs, NJ, 1981. Prentice-Hall, Inc.Google Scholar
- O. Shivers. Control-Flow Analysis of Higher-Order Languages. PhD thesis, Carnegie Mellon University, May 1991. Google Scholar
Digital Library
- Y. Smaragdakis, M. Bravenboer, and O. Lhoták. Pick your contexts well: Understanding object-sensitivity (the making of a precise and scalable pointer analysis). In Symposium on Principles of Programming Languages (POPL), pages 17--30. ACM Press, Jan. 2011. Google Scholar
Digital Library
- M. Sridharan and R. Bodík. Refinement-based context-sensitive points-to analysis for Java. In Conf. on Programming Language Design and Implementation (PLDI), pages 387--400, New York, NY, USA, 2006. ACM. Google Scholar
Digital Library
- M. Sridharan, D. Gopan, L. Shan, and R. Bodík. Demand-driven points-to analysis for Java. In Conf. on Object Oriented Programming, Systems, Languages, and Applications (OOPSLA), pages 59--76, New York, NY, USA, 2005. ACM. Google Scholar
Digital Library
- O. Tripp, M. Pistoia, S. J. Fink, M. Sridharan, and O. Weisman. Taj: effective taint analysis of web applications. In Conf. on Programming Language Design and Implementation (PLDI), pages 87--97, New York, NY, USA, 2009. ACM. Google Scholar
Digital Library
- R. Vallée-Rai, E. Gagnon, L. J. Hendren, P. Lam, P. Pominville, and V. Sundaresan. Optimizing Java bytecode using the Soot framework: Is it feasible? In Int. Conf. on Compiler Construction (CC), pages 18--34, 2000. Google Scholar
Digital Library
- R. Vallée-Rai, L. Hendren, V. Sundaresan, P. Lam, E. Gagnon, and P. Co. Soot - a Java optimization framework. In Proceedings of CASCON 1999, pages 125--135, 1999.Google Scholar
Digital Library
- J. Whaley, D. Avots, M. Carbin, and M. S. Lam. Using Datalog with binary decision diagrams for program analysis. In K. Yi, editor, APLAS, volume 3780 of Lecture Notes in Computer Science, pages 97--118. Springer, 2005. Google Scholar
Digital Library
- J. Whaley and M. S. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In Conf. on Programming Language Design and Implementation (PLDI), pages 131--144, New York, NY, USA, 2004. ACM. Google Scholar
Digital Library
- X. Zheng and R. Rugina. Demand-driven alias analysis for c. In Symposium on Principles of Programming Languages (POPL), pages 197--208, New York, NY, USA, 2008. ACM. Google Scholar
Digital Library
Index Terms
Introspective analysis: context-sensitivity, across the board
Recommendations
Introspective analysis: context-sensitivity, across the board
PLDI '14: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and ImplementationContext-sensitivity is the primary approach for adding more precision to a points-to analysis, while hopefully also maintaining scalability. An oft-reported problem with context-sensitive analyses, however, is that they are bi-modal: either the analysis ...
Hybrid context-sensitivity for points-to analysis
PLDI '13Context-sensitive points-to analysis is valuable for achieving high precision with good performance. The standard flavors of context-sensitivity are call-site-sensitivity (kCFA) and object-sensitivity. Combining both flavors of context-sensitivity ...
Hybrid context-sensitivity for points-to analysis
PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and ImplementationContext-sensitive points-to analysis is valuable for achieving high precision with good performance. The standard flavors of context-sensitivity are call-site-sensitivity (kCFA) and object-sensitivity. Combining both flavors of context-sensitivity ...







Comments